Hi

I'm no expert, but I think 'SOGoUserSources' can only be set once; since it's an array, you just set it like the following:

      SOGoUserSources = (
          {
              type = ldap;
              hostname = "ldap://127.0.0.1:389";
              baseDN = "o=domains,dc=domain,dc=com";
              bindDN = "cn=vmailadmin,dc=domain,dc=com";
              bindPassword = "PASSWD";
              filter = "objectClass=mailUser AND accountStatus=active";
              scope = SUB;
              userPasswordAlgorithm = ssha;
              IDFieldName = mail;
              bindFields = (mail);
              CNFieldName = cn;
              UIDFieldName = mail;
              IMAPLoginFieldName = mail;
              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
              canAuthenticate = YES;
              displayName = "LDAP Auth";
              id = ldap_auth;
              isAddressBook = NO;
          },
          {
              type = ldap;
              hostname = "ldap://127.0.0.1:389";
              baseDN = "o=domains,dc=domain,dc=com";
              bindDN = "cn=vmailadmin,dc=domain,dc=com";
              bindPassword = "PASSWD";
              filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND mail <> 'fi...@domain.com' AND mail <> 'sec...@domain.com'";
              scope = SUB;
              userPasswordAlgorithm = ssha;
              IDFieldName = mail;
              bindFields = (mail);
              CNFieldName = cn;
              UIDFieldName = mail;
              IMAPLoginFieldName = mail;
              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
              canAuthenticate = NO;
              displayName = "Global Address Book";
              id = ldap_addressbook;
              isAddressBook = YES;
          }
      );


Regards
Christian Jensen

On 08-07-2015 17:06, Hugo wrote:
the one you authenticate with should be left as it was before, and you should give them 2 different ID's. furthermore, uid is not an email address. if you like to sort the users out by email then say mail <> 'fi...@domain.com' instead of uid <> 'fi...@domain.com'. even if you have set UIDFieldName = mail, that is only an ldap attribute mapping. the ldap filter matches the real ldap attributes, so you have to use the attribute 'mail' here. you perhaps could also drop some of the defs that are not used by auth, but I think they will be ignored anyway.

something like:

      SOGoUserSources = (
          {
              type = ldap;
              hostname = "ldap://127.0.0.1:389";
              baseDN = "o=domains,dc=domain,dc=com";
              bindDN = "cn=vmailadmin,dc=domain,dc=com";
              bindPassword = "PASSWD";
              filter = "objectClass=mailUser AND accountStatus=active";
              scope = SUB;
              userPasswordAlgorithm = ssha;
              IDFieldName = mail;
              bindFields = (mail);
              CNFieldName = cn;
              UIDFieldName = mail;
              IMAPLoginFieldName = mail;
              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
              canAuthenticate = YES;
              displayName = "LDAP Auth";
              id = ldap_auth;
              isAddressBook = NO;
          }
      );
      SOGoUserSources = (
          {
              type = ldap;
              hostname = "ldap://127.0.0.1:389";
              baseDN = "o=domains,dc=domain,dc=com";
              bindDN = "cn=vmailadmin,dc=domain,dc=com";
              bindPassword = "PASSWD";
              filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND mail <> 'fi...@domain.com' AND mail <> 'sec...@domain.com'";
              scope = SUB;
              userPasswordAlgorithm = ssha;
              IDFieldName = mail;
              bindFields = (mail);
              CNFieldName = cn;
              UIDFieldName = mail;
              IMAPLoginFieldName = mail;
              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
              canAuthenticate = NO;
              displayName = "Global Address Book";
              id = ldap_addressbook;
              isAddressBook = YES;
          }
      );
 #######################

perhaps someone else who already tried this can also contribute? I last used sogo with LDAP 3-4 years ago :)

On 08.07.2015 15:32, Yavuz Maşlak wrote:


On 08/07/15 14:48, "Hugo" <m...@hugo.ro> wrote:

you have to define two LDAP connections, one for the login auth, which
should be as it is now (filter unchanged), with:

  canAuthenticate = YES;
  isAddressBook = NO;

and another one for the address book only, where you set:

  canAuthenticate = NO;
  isAddressBook = YES;


--->8---
follow the documentation:
The filter to use for LDAP queries, it should be
defined as an EOQualifier. The following operators
are supported:
<> – inequality operator
= – equality operator
Multiple qualifiers can be joined by using OR and AND,
they can also be grouped together by
using parenthesis. Attribute values should be
quoted to avoid unexpected behaviour.
For example:
filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND
accountStatus='active' AND uid <> 'alice'";
---8<---

that means, the filter for the address book should be something like this:
filter = "objectClass=mailUser AND accountStatus=active AND
enabledService=mail AND uid <> 'alice' AND uid <> 'bob'";

you have to substitute 'alice' and 'bob' with the UID of your LDAP users
to be hidden.

regards,
hugo.-

On 08.07.2015 08:20, Yavuz Maşlak wrote:


On 08/07/15 04:33, "Hugo" <m...@hugo.ro> wrote:

hi
maybe there's another approach, but I think you could use a filter that
excludes those users from the search for the address book ldap
connection. something like:
(&(objectClass=person)(mail=*)(!(mail=t...@one.not))(!(t...@neith.er)))
of course, transformed into the sogo config style, see the docs for
that
http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf


On 07.07.2015 22:52, Yavuz Maşlak wrote:
Hello

I installed sogo. I use ldap for user authentication.

I want some accounts to be invisible from the global address book.

How can I do that?

Could you give me an example?

Thanks a lot
--
users@sogo.nu
https://inverse.ca/sogo/lists


My sogo filter conf is like below:
filter = "objectClass=mailUser AND accountStatus=active AND
enabledService=mail";

If I add the expression you gave in addition, filter =
"objectClass=mailUser
AND
(&(objectClass=person)(mail=*)(!(mail=t...@one.not))(!(t...@neith.er)))
AND accountStatus=active AND enabledService=mail";
I cannot log in to SOGo, as my user stops working. So I had to remove
the new expression.
What can be the problem?



OK, I added a second SOGo source block, something like below:
     SOGoUserSources = (
         {
             type = ldap;
             hostname = "ldap://127.0.0.1:389";
             baseDN = "o=domains,dc=domain,dc=com";
             bindDN = "cn=vmailadmin,dc=domain,dc=com";
             bindPassword = "PASSWD";
             filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND uid <> 'fi...@domain.com' AND uid <> 'sec...@domain.com'";
             scope = SUB;
             userPasswordAlgorithm = ssha;
             IDFieldName = mail;
             bindFields = (mail);
             CNFieldName = cn;
             UIDFieldName = mail;
             IMAPLoginFieldName = mail;
             SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
             canAuthenticate = YES;
             displayName = "Global Address Book";
             id = ldap_auth;
             isAddressBook = NO;
         }
     );
     SOGoUserSources = (
         {
             type = ldap;
             hostname = "ldap://127.0.0.1:389";
             baseDN = "o=domains,dc=domain,dc=com";
             bindDN = "cn=vmailadmin,dc=domain,dc=com";
             bindPassword = "PASSWD";
             filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND uid <> 'fi...@domain.com' AND uid <> 'sec...@domain.com'";
             scope = SUB;
             userPasswordAlgorithm = ssha;
             IDFieldName = mail;
             bindFields = (mail);
             CNFieldName = cn;
             UIDFieldName = mail;
             IMAPLoginFieldName = mail;
             SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
             canAuthenticate = NO;
             displayName = "Global Address Book";
             id = ldap_auth;
             isAddressBook = YES;
         }
     );
#######################
#######################

But after sogo restarted, I cannot log in to sogo with my own account.

How can I fix it? I put down the same filter settings. How should it be?

Thanks
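
A small lint for the configuration mistakes this thread works through, as an added example that is not from any poster or from the SOGo project. The names `lint_sogo_sources`, `BAD` and `GOOD` are hypothetical, the sample configs are constructed with placeholder addresses, and the regex parser assumes flat `key = value;` pairs inside each `{ ... }` source.

```python
import re

def lint_sogo_sources(conf: str) -> list:
    """Return findings for the SOGoUserSources mistakes discussed in this thread."""
    findings = []
    # The key is an array holding every source, so it should be assigned once.
    if len(re.findall(r"\bSOGoUserSources\s*=", conf)) > 1:
        findings.append("SOGoUserSources is assigned more than once")
    sources = []
    for body in re.findall(r"\{(.*?)\}", conf, re.S):
        # A value is a quoted string, a parenthesised list, or a bare word.
        pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|\([^)]*\)|[^;]+);', body)
        sources.append({k: v.strip().strip('"') for k, v in pairs})
    ids = [s.get("id") for s in sources]
    for dup in sorted({i for i in ids if i and ids.count(i) > 1}):
        findings.append(f"id '{dup}' is used by more than one source")
    for s in sources:
        name, flt = s.get("id", "?"), s.get("filter", "")
        # Exclusions belong on the address-book source, not the login source.
        if s.get("canAuthenticate") == "YES" and "<>" in flt:
            findings.append(f"{name}: authentication filter contains <> exclusions")
        # Heuristic from the thread: uid is not an e-mail address, match on mail.
        if re.search(r"\buid\s*<>\s*'[^']*@", flt):
            findings.append(f"{name}: uid compared with an e-mail address, use mail")
    return findings

# Constructed samples, reduced to the keys the checks read.
BAD = """
SOGoUserSources = ({ id = ldap_auth; canAuthenticate = YES; isAddressBook = NO;
    filter = "objectClass=mailUser AND uid <> 'hidden@example.com'"; });
SOGoUserSources = ({ id = ldap_auth; canAuthenticate = NO; isAddressBook = YES;
    filter = "objectClass=mailUser AND uid <> 'hidden@example.com'"; });
"""
GOOD = """
SOGoUserSources = (
  { id = ldap_auth; canAuthenticate = YES; isAddressBook = NO;
    filter = "objectClass=mailUser AND accountStatus=active"; },
  { id = ldap_addressbook; canAuthenticate = NO; isAddressBook = YES;
    filter = "objectClass=mailUser AND mail <> 'hidden@example.com'"; }
);
"""

if __name__ == "__main__":
    for label, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_sogo_sources(conf) or "no findings")
```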





